Employee Data Protection Policy (Short-Form)
BS.DAT.06
This Short-Form Employee Data Protection Policy is designed for use as an
internal policy document and has an HR focus, dealing specifically with
employees’ personal data.
The provisions of this policy template set out the rights of employee data
subjects, as laid out in the GDPR, and their employer’s obligations in its
role as a data controller.
This document has been written as a “short-form” alternative to our
standard Employee Data Protection Policy. Most of the core provisions are
virtually the same; however, some more detailed sections have been removed
and replaced with references to separate policies (e.g. our IT Security
Policy).
Please note that this document is designed for HR use in business only. The
terms used throughout establish an employment focus, which makes this
template unsuitable for use in other contexts. A general Short-Form Data
Protection Policy is also available. Please also note that certain
provisions of the GDPR relating to public authorities and other official
bodies have not been fully incorporated.
Optional phrases / clauses are enclosed in square brackets. These should be
read carefully and selected so as to be compatible with one another. Unused
options should be removed from the document.
This Short-Form Employee Data Protection Policy contains the following
clauses:
1. Introduction
2. Definitions
3. Data Protection Officer & Scope of Policy
4. The Data Protection Principles
5. The Rights of Data Subjects
6. Lawful, Fair, and Transparent Data Processing
7. Consent
8. Specified, Explicit, and Legitimate Purposes
9. Adequate, Relevant, and Limited Data Processing
10. Accuracy of Data and Keeping Data Up-to-Date
11. Data Retention
12. Secure Processing
13. Accountability and Record-Keeping
14. Data Protection Impact Assessments and Privacy by Design
15. Keeping Data Subjects Informed
16. Data Subject Access
17. Rectification of Personal Data
18. Erasure of Personal Data
19. Restriction of Personal Data Processing
20. [Data Portability]
21. Objections to Personal Data Processing
22. [Automated Processing, Automated Decision-Making, and Profiling]
23. Personal Data
24. Sharing Personal Data
25. Transferring Personal Data to a Country Outside the [UK and] EEA
26. Data Breach Notification
27. Implementation of Policy